Pulse Secure 漏洞與 CVE 列表(93)

產品(CPE): — CVE 數: 93

Pulse Secure 漏洞概覽

彙總 Pulse Secure 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

歷史漏洞主要涉及 輸入驗證問題與CSRF 等問題,部分漏洞可能導致 異常行為,並影響 生產負載與軟體部署 相關場景。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 12093 CVE 數
«« 第一頁 « 上一頁 第 1 / 5 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2022-21826 Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS. [email protected] 5.4 45.23% 2022-09-30 2026-06-17
CVE-2021-44720 In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role. [email protected] 7.2 2.30% 2022-08-12 2026-06-17
CVE-2021-22965 A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device. [email protected] 7.5 2.12% 2021-11-19 2026-06-16
CVE-2021-22938 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console. [email protected] 7.2 2.10% 2021-08-16 2026-06-16
CVE-2021-22937 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface. [email protected] 7.2 7.83% 2021-08-16 2026-06-16
CVE-2021-22936 A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter. [email protected] 6.1 0.85% 2021-08-16 2026-06-16
CVE-2021-22935 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter. [email protected] 7.2 2.10% 2021-08-16 2026-06-16
CVE-2021-22934 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request. [email protected] 7.2 4.68% 2021-08-16 2026-06-16
CVE-2021-22933 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request. [email protected] 6.5 1.38% 2021-08-16 2026-06-16
CVE-2021-22908 A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default. [email protected] 8.8 69.38% 2021-05-27 2026-06-16
CVE-2021-22900 KEV A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. [email protected] 7.2 14.15% 2021-05-27 2026-06-16
CVE-2021-31922 An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3. [email protected] 7.5 0.97% 2021-05-13 2026-06-16
CVE-2021-22887 A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device. [email protected] 2.3 0.25% 2021-03-16 2026-06-16
CVE-2020-8263 A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file. [email protected] 5.4 0.68% 2020-10-28 2026-06-16
CVE-2020-8262 A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface. [email protected] 6.1 1.83% 2020-10-28 2026-06-16
CVE-2020-8261 A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection. [email protected] 4.3 2.12% 2020-10-28 2026-06-16
CVE-2020-8255 A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages. [email protected] 4.9 2.26% 2020-10-28 2026-06-16
CVE-2020-8254 A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC. [email protected] 8.8 2.03% 2020-10-28 2026-06-16
CVE-2020-8250 A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. [email protected] 7.8 0.48% 2020-10-28 2026-06-16
CVE-2020-8249 A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow. [email protected] 7.8 0.50% 2020-10-28 2026-06-16
«« 第一頁 « 上一頁 第 1 / 5 頁 下一頁 »
cvelogic Threat Intelligence